fix(engine): always include builtin registry in resolved lock by daryllimyt · Pull Request #2536 · TracecatHQ/tracecat

daryllimyt · 2026-04-16T18:36:15Z

Summary

Always include the builtin tracecat_registry origin in the resolved registry lock so custom actions retain access to decorators, secrets, and SDK helpers imported from it.
Fall back to the installed tracecat_registry.__version__ with a warning log when the platform registry has no current_version_id, so workflows still start on unsynced bootstraps instead of failing at tarball mount.
Consolidate the origin filter + builtin re-add into a single pass.
Rewrite the stale "omits builtin when unsynced" test to assert the fallback version is used.

Test plan

uv run pytest tests/unit/test_registry_lock_service.py -x -q
uv run ruff check + ruff format --check
uv run basedpyright --warnings tracecat/registry/lock/service.py

Summary by cubic

Always include the builtin tracecat_registry in resolved registry locks using the platform-selected version. If it isn’t synced, block lock resolution and surface a clear, retryable error across API endpoints, MCP tools, and the Temporal agent; the executor now prefetches all lock origins.

Bug Fixes
- Always include tracecat_registry with the platform-selected version; if missing, raise BuiltinRegistryHasNoSelectionError (no fallback).
- When builtin sync is pending, return/rethrow validation-style, retryable errors:
  - API commit/import/publish use registry.builtin_sync_pending.
  - MCP tools (create_workflow, publish_workflow, execute_action_tool) and the agent (build_tool_definitions activity, durable workflow) surface the same message as ToolError/Temporal ApplicationError.
- Executor prefetches all lock origins (builtin and custom).

^{Written for commit 3cd594b. Summary will update on new commits.}

The resolved registry lock could omit `tracecat_registry` when no workflow action bound to it, which broke custom-action execution (they import decorators, secrets, and SDK helpers from the builtin). Always include the builtin origin, using the platform version when synced and falling back to the installed package version otherwise so workflows continue to start on unsynced bootstraps.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 311961dbc8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

zeropath-ai · 2026-04-16T18:38:29Z

✅ No security or compliance issues detected. Reviewed everything up to 3cd594b.

Security Overview

🔎 Scanned files: 16 changed file(s)
🔗 Scan Link: https://zeropath.com/app/repositories/00dffd6c-8834-4dc9-b6d8-b44cd1622986?scanId=3243541e-cabf-418b-9a38-40e5f7951e4d&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Bug Fix	► packages/tracecat-ee/tracecat_ee/agent/activities.py Handle BuiltinRegistryHasNoSelectionError in build_tool_definitions activity by raising ApplicationError. ► packages/tracecat-ee/tracecat_ee/agent/workflows/durable.py Catch ActivityError in _run_with_nsjail and re-raise the underlying ApplicationError if it's related to BuiltinRegistryHasNoSelectionError.
Enhancement	► tests/unit/api/test_api_workflows.py Add tests for commit_workflow and create_workflow_import when builtin registry is not ready. ► tests/unit/test_agent_activities.py Add test for AgentActivities.build_tool_definitions to handle BuiltinRegistryHasNoSelectionError. ► tests/unit/test_agent_mcp_trusted_server.py Add test for execute_action_tool to surface BuiltinRegistryHasNoSelectionError as ToolError. ► tests/unit/test_mcp_server.py Add tests for create_workflow and publish_workflow to handle BuiltinRegistryHasNoSelectionError. ► tests/unit/test_registry_lock_service.py Seed builtin platform registry by default in tests. Add test to ensure builtin registry is always included in the lock. Add test to overwrite builtin origin with platform version. Add test to raise BuiltinRegistryHasNoSelectionError when builtin registry is not synced. ► tests/unit/test_registry_resolver.py Add test to prefetch_lock to fetch all lock origins. ► tests/unit/test_workflow_definitions_activities.py Add test to map BuiltinRegistryHasNoSelectionError to ApplicationError in resolve_registry_lock_activity. ► tracecat/agent/mcp/trusted_server.py Raise ToolError when BuiltinRegistryHasNoSelectionError is encountered. ► tracecat/exceptions.py Add BuiltinRegistryHasNoSelectionError exception. ► tracecat/executor/registry_resolver.py Ensure tasks are gathered only if there are tasks to run in prefetch_lock. ► tracecat/mcp/server.py Handle BuiltinRegistryHasNoSelectionError during workflow creation by raising ToolError. Handle BuiltinRegistryHasNoSelectionError during publish_workflow by returning a validation failure. ► tracecat/registry/lock/service.py Always include builtin registry in lock origins. Raise BuiltinRegistryHasNoSelectionError if builtin registry is not synced. ► tracecat/workflow/management/definitions.py Map BuiltinRegistryHasNoSelectionError to ApplicationError in resolve_registry_lock_activity. ► tracecat/workflow/management/router.py Handle BuiltinRegistryHasNoSelectionError during workflow creation by raising HTTPException. Handle BuiltinRegistryHasNoSelectionError during commit_workflow by returning a validation failure.

cubic-dev-ai

No issues found across 2 files

Confidence score: 5/5

Automated review surfaced no issues in the provided summaries.
No files require special attention.

cubic-dev-ai

1 issue found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)


Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="tracecat/registry/lock/service.py">

<violation number="1" location="tracecat/registry/lock/service.py:213">
P1: The new fallback path drops the builtin `tracecat_registry` origin from the lock, which can break action execution in bootstrap/unsynced states where builtin artifacts are still required.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

The builtin tracecat_registry platform row is pre-seeded by registry_version_with_manifest in some worker runs under pytest-xdist, causing the two new lock tests to fail on CI: - test_resolve_lock_always_includes_builtin_registry tried to insert a duplicate platform repo. - test_resolve_lock_skips_builtin_origin_when_platform_not_synced saw the seeded current_version_id and returned the builtin origin. Reuse the seeded repo when present and clear its current_version_id in the unsynced scenario so both tests behave correctly with or without the fixture-driven seed.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e21044af68

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

cubic-dev-ai

1 issue found across 4 files (changes from recent commits).

Prompt for AI agents (unresolved issues)


Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="tracecat/registry/lock/service.py">

<violation number="1" location="tracecat/registry/lock/service.py:218">
P1: Always overwrite `tracecat_registry` with the platform/fallback version here. Leaving an org-scoped same-origin entry in place makes artifact lookup miss later.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

cubic-dev-ai

1 issue found across 7 files (changes from recent commits).

Prompt for AI agents (unresolved issues)


Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="tests/unit/test_registry_lock_service.py">

<violation number="1" location="tests/unit/test_registry_lock_service.py:706">
P2: This test now asserts the pre-fix error path instead of the required installed-version fallback, so it no longer covers the unsynced bootstrap behavior the change is meant to add.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3e080ccb44

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 987b88ded8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

daryllimyt added engine Improvements or additions to the workflow engine fix Bug fix labels Apr 16, 2026

daryllimyt temporarily deployed to internal-registry-ci April 16, 2026 18:36 — with GitHub Actions Inactive

daryllimyt requested a review from jordan-umusu April 16, 2026 18:38

chatgpt-codex-connector Bot reviewed Apr 16, 2026

View reviewed changes

Comment thread tracecat/registry/lock/service.py Outdated

This comment has been minimized.

Sign in to view

cubic-dev-ai Bot reviewed Apr 16, 2026

View reviewed changes

fix: skip unsynced builtin registry in lock

c17abc3

daryllimyt temporarily deployed to internal-registry-ci April 16, 2026 18:51 — with GitHub Actions Inactive

cubic-dev-ai Bot reviewed Apr 16, 2026

View reviewed changes

Comment thread tracecat/registry/lock/service.py Outdated

daryllimyt temporarily deployed to internal-registry-ci April 16, 2026 19:03 — with GitHub Actions Inactive

fix: prefetch only action-bound lock origins

e21044a

daryllimyt temporarily deployed to internal-registry-ci April 16, 2026 19:06 — with GitHub Actions Inactive

chatgpt-codex-connector Bot reviewed Apr 16, 2026

View reviewed changes

Comment thread tracecat/registry/lock/service.py Outdated

cubic-dev-ai Bot reviewed Apr 16, 2026

View reviewed changes

Comment thread tracecat/registry/lock/service.py Outdated

skip fallback version if no builtin version found

f2b235a

daryllimyt temporarily deployed to internal-registry-ci April 16, 2026 22:20 — with GitHub Actions Inactive

This comment has been minimized.

Sign in to view

fix(workflows): block invalid builtin lock resolution

0e885ae

daryllimyt temporarily deployed to internal-registry-ci April 17, 2026 12:34 — with GitHub Actions Inactive

cubic-dev-ai Bot reviewed Apr 17, 2026

View reviewed changes

Comment thread tests/unit/test_registry_lock_service.py

fix(executor): prefetch all lock origins

3e080cc

daryllimyt temporarily deployed to internal-registry-ci April 17, 2026 12:49 — with GitHub Actions Inactive

daryllimyt temporarily deployed to internal-registry-ci April 17, 2026 12:50 — with GitHub Actions Inactive

chatgpt-codex-connector Bot reviewed Apr 17, 2026

View reviewed changes

Comment thread tracecat/registry/lock/service.py

fix: surface builtin sync pending errors

987b88d

daryllimyt temporarily deployed to internal-registry-ci April 17, 2026 13:10 — with GitHub Actions Inactive

daryllimyt temporarily deployed to internal-registry-ci April 17, 2026 13:11 — with GitHub Actions Inactive

jordan-umusu approved these changes Apr 17, 2026

View reviewed changes

chatgpt-codex-connector Bot reviewed Apr 17, 2026

View reviewed changes

Comment thread tracecat/registry/lock/service.py

fix: surface agent builtin registry sync pending

3cd594b

daryllimyt temporarily deployed to internal-registry-ci April 20, 2026 14:33 — with GitHub Actions Inactive

daryllimyt merged commit 5d1d745 into main Apr 20, 2026
17 checks passed

daryllimyt deleted the fix/registry-lock-builtin-fallback branch April 20, 2026 14:44

Conversation

daryllimyt commented Apr 16, 2026 • edited by cubic-dev-ai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Test plan

Summary by cubic

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

zeropath-ai Bot commented Apr 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

This comment has been minimized.

cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

This comment has been minimized.

cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

daryllimyt commented Apr 16, 2026 •

edited by cubic-dev-ai Bot

Loading

zeropath-ai Bot commented Apr 16, 2026 •

edited

Loading